A New Related Message Attack on RSA

Abstract. Coppersmith, Franklin, Patarin, and Reiter show that given two RSA cryptograms x e mod N and (ax + b) e mod N for known constants a, b ∈ ZN, one can compute x in O(e log 2 e) ZN-operations with some positive error probability. We show that given e cryptograms ci ≡ (aix + bi) e mod N, i = 0, 1,...e − 1, for any known constants ai, bi ∈ ZN, one can deterministically compute x in O(e) ZN-operations that depend on the cryptograms, after a pre-processing that depends only on the constants. The complexity of the pre-processing is O(e log 2 e) ZNoperations, and can be amortized over many instances. We also consider a special case where the overall cost of the attack is O(e) ZN-operations. Our tools are borrowed from numerical-analysis and adapted to handle formal polynomials over finite-rings. To the best of our knowledge their use in cryptanalysis is novel.

Related Message Attacks to Public Key Encryption Schemes: Relations among Security Notions

Consider a scenario in which an adversary, attacking a certain public key encryption scheme, gains knowledge of several ciphertexts which underlying plaintext are meaningfully related with a given target ciphertext. This kind of related message attack has been proved successful against several public key encryption schemes; widely known is the Franklin-Reiter attack to RSA with low exponent and its subsequent improvement by Coppersmith. However, to the best of our knowledge no formal treatment of these type of attacks has to date been done, and as a result, it has not been rigorously studied which of the ``standard\u27\u27 security notions imply resilience to them. We give formal definitions of several security notions capturing the resistance to this kind of attacks. For passive adversaries we prove that, for the case of indistinguishability, security against related message attacks is equivalent to standard CPA security. On the other hand, one-wayness robust schemes in this sense can be seen as strictly between OW-CPA and IND-CPA secure schemes. Furthermore, we prove that the same holds for active (CCA) adversaries

Public Key Cryptography - PKC 2005 - 8th International Workshop on Theory and Practice in Public Key Cryptography

The proceedings contain 28 papers from the Public Key Cryptography - PKC 2005 - 8th International Workshop on Theory and Practice in Public Key Cryptography. The topics discussed include: a new related message attack on RSA; breaking a cryptographic protocol with pseudoprimes; experimenting with faults, lattices and the DSA; securing RSA-KEM via the AES; one-time verifier-based encrypted key exchange; password-based authenticated key exchange; on the optimization of side-channel attacks; symmetric subgroups membership problems; optimizing robustness while generating shared secret safe primes; and fast multi-computations with integer similarity strategy